author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-02-17 21:36:43 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-02-17 21:36:43 +0100 |
commit | cdf0d6c32f5c6c7c3071d35fa770eaf62fbad312 (patch) | |
tree | 038a07c87d4a6cee98a1f7cad78e0ac92742d2d6 /src/deprecated/extensions | |
parent | 2473a408abdd79fb4b24c5c56f769791203c0cd8 (diff) |
src: remove old deprecated API
This patch removes the first API version which was scheduled in
2007. That API had several major limitations that the new one
solved. I don't know of any existing client of this old
API.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/deprecated/extensions')
-rw-r--r-- | src/deprecated/extensions/Makefile.am | 14 | ||||
-rw-r--r-- | src/deprecated/extensions/libnetfilter_conntrack_icmp.c | 84 | ||||
-rw-r--r-- | src/deprecated/extensions/libnetfilter_conntrack_sctp.c | 94 | ||||
-rw-r--r-- | src/deprecated/extensions/libnetfilter_conntrack_tcp.c | 136 | ||||
-rw-r--r-- | src/deprecated/extensions/libnetfilter_conntrack_udp.c | 78 |
5 files changed, 0 insertions, 406 deletions
diff --git a/src/deprecated/extensions/Makefile.am b/src/deprecated/extensions/Makefile.am deleted file mode 100644 index e44525b..0000000 --- a/src/deprecated/extensions/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ -include $(top_srcdir)/Make_global.am - -AUTOMAKE_OPTIONS = no-dependencies foreign - -AM_CFLAGS=-fPIC -Wall -LIBS= @LIBNFCONNTRACK_LIBS@ - -noinst_LTLIBRARIES = libnfct_proto_tcp.la libnfct_proto_udp.la \ - libnfct_proto_icmp.la libnfct_proto_sctp.la - -libnfct_proto_tcp_la_SOURCES = libnetfilter_conntrack_tcp.c -libnfct_proto_udp_la_SOURCES = libnetfilter_conntrack_udp.c -libnfct_proto_icmp_la_SOURCES = libnetfilter_conntrack_icmp.c -libnfct_proto_sctp_la_SOURCES = libnetfilter_conntrack_sctp.c diff --git a/src/deprecated/extensions/libnetfilter_conntrack_icmp.c b/src/deprecated/extensions/libnetfilter_conntrack_icmp.c deleted file mode 100644 index d15d7a1..0000000 --- a/src/deprecated/extensions/libnetfilter_conntrack_icmp.c +++ /dev/null 
@@ -1,84 +0,0 @@ -/* - * (C) 2005 by Pablo Neira Ayuso <pablo@netfilter.org> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - */ -#include <stdio.h> -#include <getopt.h> -#include <stdlib.h> -#include <string.h> -#include <netinet/in.h> /* For htons */ -#include <libnetfilter_conntrack/linux_nfnetlink_conntrack.h> -#include <libnetfilter_conntrack/libnetfilter_conntrack.h> -#include <libnetfilter_conntrack/libnetfilter_conntrack_icmp.h> - -#include "internal/deprecated.h" - -static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple) -{ - if (cda[CTA_PROTO_ICMP_TYPE-1]) - tuple->l4dst.icmp.type = - *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_TYPE-1]); - - if (cda[CTA_PROTO_ICMP_CODE-1]) - tuple->l4dst.icmp.code = - *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_CODE-1]); - - if (cda[CTA_PROTO_ICMP_ID-1]) - tuple->l4src.icmp.id = - *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]); -} - -static void build_tuple_proto(struct nfnlhdr *req, int size, - struct nfct_tuple *t) -{ - nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_CODE, - &t->l4dst.icmp.code, sizeof(u_int8_t)); - nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_TYPE, - &t->l4dst.icmp.type, sizeof(u_int8_t)); - nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_ID, - &t->l4src.icmp.id, sizeof(u_int16_t)); -} - -static int print_proto(char *buf, struct nfct_tuple *t) -{ - /* The ID only makes sense some ICMP messages but we want to - * display the same output that /proc/net/ip_conntrack does */ - return (sprintf(buf, "type=%d code=%d id=%d ",t->l4dst.icmp.type, - t->l4dst.icmp.code, - ntohs(t->l4src.icmp.id))); -} - -static int compare(struct nfct_conntrack *ct1, - struct nfct_conntrack *ct2, - unsigned int flags) -{ - if (flags & ICMP_TYPE) - if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.type != - 
ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.type) - return 0; - if (flags & ICMP_CODE) - if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.code != - ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.code) - return 0; - if (flags & ICMP_ID) - if (ct1->tuple[NFCT_DIR_REPLY].l4src.icmp.id != - ct2->tuple[NFCT_DIR_REPLY].l4src.icmp.id) - return 0; - - return 1; -} - -struct nfct_proto icmp = { - .name = "icmp", - .protonum = IPPROTO_ICMP, - .parse_proto = parse_proto, - .build_tuple_proto = build_tuple_proto, - .print_proto = print_proto, - .compare = compare, - .version = VERSION -}; diff --git a/src/deprecated/extensions/libnetfilter_conntrack_sctp.c b/src/deprecated/extensions/libnetfilter_conntrack_sctp.c deleted file mode 100644 index 1fa63a5..0000000 --- a/src/deprecated/extensions/libnetfilter_conntrack_sctp.c +++ /dev/null 
@@ -1,94 +0,0 @@ -/* - * (C) 2005 by Pablo Neira Ayuso <pablo@netfilter.org> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - */ -#include <stdio.h> -#include <getopt.h> -#include <stdlib.h> -#include <string.h> -#include <netinet/in.h> /* For htons */ -#include <libnetfilter_conntrack/linux_nfnetlink_conntrack.h> -#include <libnetfilter_conntrack/libnetfilter_conntrack.h> -#include <libnetfilter_conntrack/libnetfilter_conntrack_sctp.h> - -#include "internal/deprecated.h" - -static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple) -{ - if (cda[CTA_PROTO_SRC_PORT-1]) - tuple->l4src.sctp.port = - *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]); - if (cda[CTA_PROTO_DST_PORT-1]) - tuple->l4dst.sctp.port = - *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]); -} - -static void parse_protoinfo(struct nfattr *cda[], struct nfct_conntrack *ct) -{ -/* if (cda[CTA_PROTOINFO_SCTP_STATE-1]) - ct->protoinfo.sctp.state = - *(u_int8_t *)NFA_DATA(cda[CTA_PROTOINFO_SCTP_STATE-1]); -*/ -} - -static void build_tuple_proto(struct nfnlhdr *req, int size, - struct nfct_tuple *t) -{ - nfnl_addattr_l(&req->nlh, size, CTA_PROTO_SRC_PORT, - &t->l4src.sctp.port, sizeof(u_int16_t)); - nfnl_addattr_l(&req->nlh, size, CTA_PROTO_DST_PORT, - &t->l4dst.sctp.port, sizeof(u_int16_t)); -} - -static int print_protoinfo(char *buf, union nfct_protoinfo *protoinfo) -{ -/* fprintf(stdout, "%s ", states[protoinfo->sctp.state]); */ - return 0; -} - -static int print_proto(char *buf, struct nfct_tuple *tuple) -{ - return(sprintf(buf, "sport=%u dport=%u ", htons(tuple->l4src.sctp.port), - htons(tuple->l4dst.sctp.port))); -} - -static int compare(struct nfct_conntrack *ct1, - struct nfct_conntrack *ct2, - unsigned int flags) -{ - if (flags & SCTP_ORIG_SPORT) - if 
(ct1->tuple[NFCT_DIR_ORIGINAL].l4src.sctp.port != - ct2->tuple[NFCT_DIR_ORIGINAL].l4src.sctp.port) - return 0; - if (flags & SCTP_ORIG_DPORT) - if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.sctp.port != - ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.sctp.port) - return 0; - if (flags & SCTP_REPL_SPORT) - if (ct1->tuple[NFCT_DIR_REPLY].l4src.sctp.port != - ct2->tuple[NFCT_DIR_REPLY].l4src.sctp.port) - return 0; - if (flags & SCTP_REPL_DPORT) - if (ct1->tuple[NFCT_DIR_REPLY].l4dst.sctp.port != - ct2->tuple[NFCT_DIR_REPLY].l4dst.sctp.port) - return 0; - - return 1; -} - -struct nfct_proto sctp = { - .name = "sctp", - .protonum = IPPROTO_SCTP, - .parse_proto = parse_proto, - .parse_protoinfo = parse_protoinfo, - .build_tuple_proto = build_tuple_proto, - .print_proto = print_proto, - .print_protoinfo = print_protoinfo, - .compare = compare, - .version = VERSION -}; diff --git a/src/deprecated/extensions/libnetfilter_conntrack_tcp.c b/src/deprecated/extensions/libnetfilter_conntrack_tcp.c deleted file mode 100644 index 60447fe..0000000 --- a/src/deprecated/extensions/libnetfilter_conntrack_tcp.c +++ /dev/null 
@@ -1,136 +0,0 @@ -/* - * (C) 2005 by Pablo Neira Ayuso <pablo@netfilter.org> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - */ -#include <stdio.h> -#include <getopt.h> -#include <stdlib.h> -#include <string.h> -#include <netinet/in.h> /* For htons */ -#include <libnetfilter_conntrack/linux_nfnetlink_conntrack.h> -#include <libnetfilter_conntrack/libnetfilter_conntrack.h> -#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h> - -#include "internal/deprecated.h" - -static const char *states[] = { - "NONE", - "SYN_SENT", - "SYN_RECV", - "ESTABLISHED", - "FIN_WAIT", - "CLOSE_WAIT", - "LAST_ACK", - "TIME_WAIT", - "CLOSE", - "LISTEN" -}; - -static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple) -{ - if (cda[CTA_PROTO_SRC_PORT-1]) - tuple->l4src.tcp.port = - *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]); - if (cda[CTA_PROTO_DST_PORT-1]) - tuple->l4dst.tcp.port = - *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]); -} - -static void parse_protoinfo(struct nfattr *cda[], struct nfct_conntrack *ct) -{ - struct nfattr *tb[CTA_PROTOINFO_TCP_MAX]; - - /* - * Listen to me carefully: This is easy to trigger with events ;). - * The conntrack event messages don't always contain all the - * information about a conntrack, just those fields that have changed. - * So you can receive a message about a TCP connection with no bits - * talking about the private protocol information. 
- * - * --pablo 05/10/31 - */ - if (!cda[CTA_PROTOINFO_TCP-1]) - return; - - nfnl_parse_nested(tb,CTA_PROTOINFO_TCP_MAX, cda[CTA_PROTOINFO_TCP-1]); - - if (tb[CTA_PROTOINFO_TCP_STATE-1]) - ct->protoinfo.tcp.state = - *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]); -} - -static void build_tuple_proto(struct nfnlhdr *req, int size, - struct nfct_tuple *t) -{ - nfnl_addattr_l(&req->nlh, size, CTA_PROTO_SRC_PORT, - &t->l4src.tcp.port, sizeof(u_int16_t)); - nfnl_addattr_l(&req->nlh, size, CTA_PROTO_DST_PORT, - &t->l4dst.tcp.port, sizeof(u_int16_t)); -} - -static void build_protoinfo(struct nfnlhdr *req, int size, - struct nfct_conntrack *ct) -{ - struct nfattr *nest_proto; - - nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP); - nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_STATE, - &ct->protoinfo.tcp.state, sizeof(u_int8_t)); - nfnl_nest_end(&req->nlh, nest_proto); -} - -static int print_protoinfo(char *buf, union nfct_protoinfo *protoinfo) -{ - return(sprintf(buf, "%s ", states[protoinfo->tcp.state])); -} - -static int print_proto(char *buf, struct nfct_tuple *tuple) -{ - return(sprintf(buf, "sport=%u dport=%u ", htons(tuple->l4src.tcp.port), - htons(tuple->l4dst.tcp.port))); -} - -static int compare(struct nfct_conntrack *ct1, - struct nfct_conntrack *ct2, - unsigned int flags) -{ - if (flags & TCP_ORIG_SPORT) - if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.tcp.port != - ct2->tuple[NFCT_DIR_ORIGINAL].l4src.tcp.port) - return 0; - if (flags & TCP_ORIG_DPORT) - if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port != - ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port) - return 0; - if (flags & TCP_REPL_SPORT) - if (ct1->tuple[NFCT_DIR_REPLY].l4src.tcp.port != - ct2->tuple[NFCT_DIR_REPLY].l4src.tcp.port) - return 0; - if (flags & TCP_REPL_DPORT) - if (ct1->tuple[NFCT_DIR_REPLY].l4dst.tcp.port != - ct2->tuple[NFCT_DIR_REPLY].l4dst.tcp.port) - return 0; - if (flags & TCP_STATE) - if (ct1->protoinfo.tcp.state != ct2->protoinfo.tcp.state) - return 0; - - return 1; -} - 
-struct nfct_proto tcp = { - .name = "tcp", - .protonum = IPPROTO_TCP, - .parse_protoinfo = parse_protoinfo, - .parse_proto = parse_proto, - .build_tuple_proto = build_tuple_proto, - .build_protoinfo = build_protoinfo, - .print_protoinfo = print_protoinfo, - .print_proto = print_proto, - .compare = compare, - .version = VERSION -}; diff --git a/src/deprecated/extensions/libnetfilter_conntrack_udp.c b/src/deprecated/extensions/libnetfilter_conntrack_udp.c deleted file mode 100644 index 522c0ae..0000000 --- a/src/deprecated/extensions/libnetfilter_conntrack_udp.c +++ /dev/null 
@@ -1,78 +0,0 @@ -/* - * (C) 2005 by Pablo Neira Ayuso <pablo@netfilter.org> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - */ -#include <stdio.h> -#include <getopt.h> -#include <stdlib.h> -#include <string.h> -#include <netinet/in.h> /* For htons */ -#include <libnetfilter_conntrack/linux_nfnetlink_conntrack.h> -#include <libnetfilter_conntrack/libnetfilter_conntrack.h> -#include <libnetfilter_conntrack/libnetfilter_conntrack_udp.h> - -#include "internal/deprecated.h" - -static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple) -{ - if (cda[CTA_PROTO_SRC_PORT-1]) - tuple->l4src.udp.port = - *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]); - if (cda[CTA_PROTO_DST_PORT-1]) - tuple->l4dst.udp.port = - *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]); -} - -static int print_proto(char *buf, struct nfct_tuple *tuple) -{ - return (sprintf(buf, "sport=%u dport=%u ", htons(tuple->l4src.udp.port), - htons(tuple->l4dst.udp.port))); -} - -static void build_tuple_proto(struct nfnlhdr *req, int size, - struct nfct_tuple *t) -{ - nfnl_addattr_l(&req->nlh, size, CTA_PROTO_SRC_PORT, - &t->l4src.udp.port, sizeof(u_int16_t)); - nfnl_addattr_l(&req->nlh, size, CTA_PROTO_DST_PORT, - &t->l4dst.udp.port, sizeof(u_int16_t)); -} - -static int compare(struct nfct_conntrack *ct1, - struct nfct_conntrack *ct2, - unsigned int flags) -{ - if (flags & UDP_ORIG_SPORT) - if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.udp.port != - ct2->tuple[NFCT_DIR_ORIGINAL].l4src.udp.port) - return 0; - if (flags & UDP_ORIG_DPORT) - if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.udp.port != - ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.udp.port) - return 0; - if (flags & UDP_REPL_SPORT) - if (ct1->tuple[NFCT_DIR_REPLY].l4src.udp.port != - ct2->tuple[NFCT_DIR_REPLY].l4src.udp.port) - return 0; - if 
(flags & UDP_REPL_DPORT) - if (ct1->tuple[NFCT_DIR_REPLY].l4dst.udp.port != - ct2->tuple[NFCT_DIR_REPLY].l4dst.udp.port) - return 0; - - return 1; -} - -struct nfct_proto udp = { - .name = "udp", - .protonum = IPPROTO_UDP, - .build_tuple_proto = build_tuple_proto, - .parse_proto = parse_proto, - .print_proto = print_proto, - .compare = compare, - .version = VERSION, -}; |